What Is Claimed Is: 

1. An apparatus for processing a subject name included in a 
personal certificate, comprising: 

a part that receives a personal certificate; 

a part that verifies the received personal certificate based on a 
digital signature technique; 

a part that extracts at least one of predetermined elements in a 
hierarchy of a subject name included in the received personal certificate; and 

a part that determines an access right of Vholder of the personal 
certificate based on a value of the at least one predetermined element when 
the personal certificate is successfully verified, 

2. The apparatus for processing a subject name included in a 
personal certificate according to claim 1, wherein the at least one of the 
predetermined elements is an organizational unit name of a predetermined 
hierarchy of the subject name. 

3. The apparatus for processing a subject name included in a 
personal certificate according to claim 1, wherein the predetermined 
elements are an organizational unit name of one hierarchy allocated for 
representing a project name and a part of a common name allocated for 
representing a purpose of operation. 

4. A web server computer system comprising : 
a part that receives a personal certificate; 

a part that verifies the received personal certificate based on a 
digital signature technique; 

a part that extracts at least one of predetermined elements in a 
hierarchy of a subject name included in the received personal certificate; and 
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a part that determines an access right of a holder of the personal 
certificate based on a value of the at least one predetermined element when 
the received personal certificate is successfully verified* 

5. A web server computer system comprising: 
a part that receives a personal certificate; 

a part that verifies the received personal certificate based on a 
digital signature technique; 

a part that allocates a session identifier when the received personal 
certificate is successfully verified; 

a part that extracts at least one of predetermined elements in a 
hierarchy of a subject name included in the received personal certificate; 

a part that determines an access right of a holder of the personal 
certificate based on a value of the at least one predetermined element when 
the received personal certificate is successfully verified; and 

a part that stores the determined access right associated with the 
session identifier. 

6. The web server computer system according to claiiji 5, wherein 
the at least one of the predetermined elements is an organizational unit name 
of a predetermined hierarchy of the subject name. 

7. The wpb server computer system according to claim 5, wherein 
the predetermined elements are an organizational unit name of one hierarchy 
allocated for representing a project name and a part of a common name 
allocated for representing a purpose of operation. 

8. An apparatus for processing a subject name included in a 
personal certificate, which receives a personal certificate in which a 
predetermined element of a subject name represents an organization to 
which a holder of the certificate belongs and an attribute other than a 



personal ID so as to process the subject name, the apparatus comprising: 

a part that receives the personal certificate; 

a part that extracts a predetermined element in a hierarchy of a 
subject name included in the received personal certificate; and 

a part that determines an access right at least based on an 
organization to which a holder belongs and an attribute other than a personal 
ID represented by a value of the predetermined element. 

9. The apparatus for processing a subject name included in a 
personal certificate according to claim 8, wherein the organizational unit 
name of a predetermined hierarchy of the subject riame represents that the 
holder of the certificate is not a member of an organization represented by 
the organization name and that the holder cooperates with the organization. 

10. The apparatus for processing a subject name included in a 
personal certificate according to claim 8, wherein the organizational unit 
name of a predetermined hierarchy of the subject name represents a project 
name in which the holder takes part. 

11. The apparatus for processing a subject name included in a 
personal certificate according to claim 8, wherein the organizational unit 
name of a predetermined hierarchy of the subject name represents a 
cooperating organisation name which cooperates with an organization 
represented by the organization name and to which the holder belongs. 

12. The apparatus for processing a subject name included in a 
personal certificate according to claim 8, wherein the organizational unit 
name of a predetermined hierarchy of the subject name represents a type of 
operation in which the holder takes part. 

13. The apparatus for processing a subject name included in a 
personal certificate according to claim 8, wherein a common name in the 



subject name represents a type of operation in which the holder takes part. 

14. An apparatus for processing a subject name included in a 
personal certificate, comprising: 

a part that receives a personal certificate; 

a part that extracts a predetermined element in a hierarchy of a 
subject name included in the received personal certificate; and 

a part that determines an access right based on a value of the 
predetermined element. 

15. A method for processing a subject name included in a personal 
certificate, comprising the steps of: 

receiving a personal certificate; 

verifying the received personal certificate based on a digital 
signature technique; 

extracting at least one of predetermined elements in a hierarchy of a 
subject name included in the received personal certificate; and 

determining an access right of a holder of the personal certificate 
based on a value of the at least one predetermined element when the personal 
certificate is successfully verified. 

16. A method for processing a subject name included in a personal 
certificate, which receives a personal certificate in which a predetermined 
element of a subject name represents an organization to which a holder of 
the personal certificate belongs and an attribute other than a personal ID so 
as to process the subject name, the method comprising the steps of: 

receiving the personal certificate; 

extracting a predetermined element in a hierarchy of a subject name 
included in the received personal certificate; and 

determining an access right at least based on an organization to 



which a holder belongs and an attribute other than a personal ID represented 
by a value of the predetermined element. 

17. A storage medium readable by a computer; the storage medium 
storing a program of instructions executable by the computer to perform a 
function for processing a subject name included in a personal certificate, the 
function comprising the steps of: 

receiving a personal certificate; 

verifying the received personal certificate based on a digital 
signature technique; ; 

extracting at least one of predetermined elements in a hierarchy of a 
subject name included in the received personal certificate; and 

determining an access right of a holder of the personal certificate 
based on a value the at least one predetermined element when the personal 
certificate is successfully verified. 

18. A storage medium readable by a computer, the storage medium 

storing a program of instructions executable by the computer to perform a 

function for processing a subject name included in a personari^certificate, 

which receives a personal certificate in which a predetermined element of a 

subject name represents an organization to which a holder of the personal 
# 

certificate belongs and an attribute other than a personal ID so as to process 
the subject name, the function comprising the steps of: 
receiving the personal certificate; 

extracting a predetermined element in a hierarchy of a subject name 
included in the received personal certificate; and 

determining an access right at least based on an organization to 
which a holder belongs and an attribute other than a personal ID represented 
by a value of the predetermined element. 
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19. The storage medium according to claim 18, wherein a personal 
certificate in which at least one of an organizational unit name and a 
common name of a subject name represents an organization to which a 
holder belongs and an attribute other than a personal ID are stored. 



